home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The World of Computer Software
/
World_Of_Computer_Software-02-385-Vol-1of3.iso
/
s
/
secwfw.zip
/
SECURITY.TXT
< prev
Wrap
Text File
|
1993-01-04
|
5KB
|
63 lines
Concern - Security
Is the security in Windows for Workgroups adequate for security critical situations? Some of our employees
work with very sensitive data and if that data was accidentally made freely available from their hard disk over
the network it would be a serious security breach. Also, how will Windows for Workgroups interact with the
security features we already have in place on our servers?
Response
Windows for Workgroups is as secure as any other LAN client available. It complements, rather than replaces,
your existing LAN security.
Windows for Workgroups respects all server-based security schemes just as the Windows operating system version
3.1 does today. As a result, sensitive, mission-critical data can continue to reside on a server and be protected on a
user-by-user basis while less sensitive, more routine information, can be shared directly between the people that
need to interact. This type of security architecture can actually free up both server space and the LAN
administrator's time. For peer-to-peer sharing Windows for Workgroups provides an additional security model.
When Windows for Workgroups users decide to share their resources (files, printers, etc.) on the network, they
have the option of declaring the information to be read-only or full access, and can also decide whether or not to
require a password for such access. Adding a password when users share information will help guard their data
from unauthorized use.
Windows for Workgroups also makes security easy to use for the network users by automatically remembering the
passwords to resources the user had previously connected to. The appropriate passwords for the resources are saved
in encrypted files on the user's hard disk and are provided to the servers as needed. In this way, users don't have to
type passwords every time they reconnect to shared resources. For example, suppose that each morning a user
wants her PC to connect to five shared directories on five different LAN Manager and Windows for Workgroups
servers and one network printer. In Windows for Workgroups, she does not have to type in the passwords for the
shared resources every day to set up these connections. Windows for Workgroups automatically gives her access to
all of the resources she had previously provided the passwords for after she has logged onto her Windows for
Workgroups desktop. And because the passwords for these connections are stored in an encrypted file using the
RC4 algorithm, there is little chance that someone could wrongfully obtain the password for a certain resource. In
fact, there is usually a greater risk when passwords are not stored and encrypted on disk for the user. Why?
Because when users have to reenter a password every time they try to connect to a shared resource, they often resort
to writing down the password somewhere in their office space or saving it on their hard drives, unencrypted!
If needed, an individual Windows for Workgroups workstation can be quickly and easily prevented from sharing
some or all resources by using one of several methods:
* Go to the Networks section of the Windows Control Panel and untoggle the "Enable
Sharing" box. This will prevent the user from sharing anything on the Windows for
Workgroups network but leaves sharing software on the hard drive.
* Edit the system.ini file and restart Windows for Workgroups. This prevents the user
from sharing anything on the Windows for Workgroups network and will not allow
toggling of the "Enable Sharing" box. The sharing software is left on the hard drive.
* Modify the setup.src file so that the vserver.386 file is not installed on the machine
This prevents the user from sharing anything on the Windows for Workgroups
network and leaves no sharing software on the hard drive.
* Edit winfile.ini to just prevent file sharing while permitting printer sharing. This will
remove all file sharing capability (buttons and drop down menus) in the File Manager.
* Edit win.ini to prevent printer sharing while permitting file sharing. This will remove
all printer sharing capability (buttons and drop down menus) in the Print Manager.
You can of course modify the master copies of these files and have them installed on individual PCs in the
organization automatically through the Windows for Workgroups SETUP /N command (explained later in more
detail) or from a floppy-disk based installation.
This gives the network administrator control over his network and at the same time lets the users retain all of the
other Windows for Workgroups features including access to shared resources on other machines, built-in electronic
mail and scheduling, and network DDE capability.